Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
Now that we've talked about the graph utility and explore that a little bit, let's dive a little, be deeper into the provisional. And if you go to get a page, I have a link directly to tear reforms. Documents about provisions, Sirs, one thing you can see very clearly in an M. Bold
provisional Zahra Last results. So insure what? Our provisions.
Um, when you are creating a new server, sometimes you will want to run certain scripts or commands and do things on that server immediately after it's been created.
Provisions Air are very helpful method to run and execute commands and utilities on the server that was just created. So this could be in Stan sheeting configuration management tools like we spoke about in module to such a chef or puppet.
There's even some community extent provisions to support answerable. You can see over here there's habitat,
um, and salt are those are other configuration management tools that can set up the server, install additional packages. You can just run a script. In this example, we're not going to use those more product eyes to configuration managers. We're just gonna run a simple bash script that does some additional set up
in in the cloud mentality. You really do want to simplify this. So the use of provisions is highly discouraged by Hash Corp You can see here once again it's a last resort kind of thing. I wanted to cover it because in a reality you're going to be doing these kind of activities.
I think the more ideal scenario
from HASHEY corpse perspective is, rather than doing configuration of the servers after the server, self has been deployed, right. So instead of just taking a a base of Boon to Lennox image or Windows image and then doing a bunch of post operations on it, you would create a custom image for that server ahead of time.
And you would deploy that custom image.
So, using something like a Packer type product, which is a slightly different approach, right? Is this kind of like it's prebaked the whole system and set up? Or you're doing the nuances of the set up post deployment
type mentality. So you're going to see that as a running theme if you have the chance to read through this. But the reality is, a lot of people do use this And so I want to make sure to cover this. This can include immediately after deployment, running commands on the remote machine,
but also running commands locally. And we'll take a gander. It
both of those scenarios. So that's a summary of provisions Er's and what they're all about. Now we're gonna take a moment and start diving into some example code and see provisions in action
moving back over to her. I d e. I'm gonna go ahead and I'm gonna open up the main terra form file for located in the in the directory for this module. And I'm gonna gloss over some of these other parts at the moment and really put an emphasis on the provisional er that we've set up. So
here I am, creating a virtual machine,
calling it VM, defining a variety of attributes about this machine you may recall, in the prior modules, when we were talking about terror for modules, we created a virtual machine using the module so that abstracted creating a lot of other resource is for us and also defining a lot of this information.
So it was a very helpful approach.
However, that model did not allow us to specify in an inject provisions.
So in this circumstance, rather than relying on that model to create the virtual machine, we are defining provisionals ourselves. And so the first provisions I want to talk about a remote execs and of course, file. So the file provisional er is gets run when the virtual machine is created.
And in this circumstance, I'm uploading a script called set up dot s H,
which happens to be in the same directory as the terra form files. We'll take a look at that in the moment and then immediately following provisions execute in the order that they're defined in your terra form file. So after the machine has made the first provisional runs here and it's gonna upload the setup script, it's gonna put it in temp directory on the
And then we're going to do, ah, remote exact permit, provisional er, and so it's gonna run these commands on that virtual machine after it's been in Stan. She ate it and after the file has been uploaded, and so we're gonna set the execution bit on the particular script, and then I'm gonna call the script and
thing to call out here is I'm passing certain arguments to the script
and the values of these arguments are based on, in this case of variable and input variable for my terra form file. And then I'm also passing another value, which is actually based on the value of another resource. And in this circumstance, I have a public I p
address resource that's being created
and I'm passing in the fully qualified domain name of that public i p resource.
So this is powerful. Tow the call out because you're carrying forward certain things that may not be calculated until run time. If you recall when we were exploring the terra form graph the public I p was relying on the random resource.
So the fully qualified domain name is not something I know until this terra form script executes.
And that's why I'm passing it along to the to the set up that s H shell script, which I'm executing on this server
7.3 local-exec and Example
8.1 Local State File Fundamentals
8.2 Remote State File
8.3 AzureRM Backend
9.1 Terraform Functions